Vulnerability Information
Vulnerability Title
Insecure Direct Object Reference in /plugins/focalboard/api/v2/users of Mattermost Boards
Vulnerability Description
Mattermost fails to perform proper authorization in the /plugins/focalboard/api/v2/users endpoint, allowing an attacker who is a guest user and knows the ID of another user to get their information (e.g. name, surname, nickname) via Mattermost Boards.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
Improper Access Control
Vulnerability Title
Mattermost Security Vulnerability
Vulnerability Description
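Mattermost is an open-source collaboration platform from Mattermost, a company based in the United States. Mattermost contains a security vulnerability that stems from a failure to perform proper authorization in the /plugins/focalboard/api/v2/users endpoint, allowing an attacker who is a guest user and knows another user's ID to obtain their information (e.g. name, nickname) via Mattermost Boards.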
CVSS Information
N/A
Vulnerability Type
N/A